cannot create service principal from Azure Portal once it's deleted

Nan Lei 21 Reputation points
2022-03-08T13:04:01.103+00:00

Hello I wonder if there has been a breaking change in terms of how "actions" under active directory built-in role mapped to graph api permissions.

The issue is I, as a global admin/Applicaion admin, cannot "Create Service Principal" once its deleted.
To reproduce the issue, create a new Azure AD app from the portal, go into service principal, and delete it. Come back to the main page of the Azure AD app, click "Create Service principal", nothing happend.

The document of global admin role describes the following actions are allowed:
microsoft.directory/applications/create Create all types of applications
microsoft.directory/applications/delete Delete all types of applications

only seems to be an issue from portal.
Can successfully create the service principal via graph api, as long as app permission of "application.readwrite.all" has been consented.

180968-image.png

Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,336 Reputation points
    2022-03-09T07:55:33.31+00:00

    Hi @Nan Lei • Thank you for reaching out.

    I understand that you are unable to create a service principal using Azure Portal by clicking on the Create Service Principal link on the overview page of your app registration.

    This must be due to some breaking change as I have used this link in the past to create service principal but it is no longer working for me as well. This is an issue with the UI as the "create service principal" is not a valid hyperlink and if you right-click on it, you will not get the options that are available on valid hyperlinks.

    This is not a permissions issue as you can use the same account to create a service principal using Graph API or PowerShell. I have raised a ticket regarding this with the product team to get it addressed. Meanwhile, as a workaround, you can continue using Graph API/Powershell to create the service principals.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful